PT-2022-21657 · Libredwg · Libredwg
Cxlzff · Published 2022-06-22 · Updated 2023-01-23 · CVE-2022-33032
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
LibreDWG version 0.12.4.4608
Description
The issue is related to a heap-buffer-overflow in the decode_preR13_section_hdr function located in decode_r11.c. This overflow can potentially lead to memory corruption and execution of arbitrary code.
Recommendations
For LibreDWG version 0.12.4.4608, consider restricting access to the decode_preR13_section_hdr function until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Memory Corruption
Affected Products
Libredwg